Jarod Thornton

Marking this resolved ??

I thought I would update and share the solution I was able to work out in the event anyone else runs into this kind of problem.

To reiterate what I’m working with and the issue I was experiencing:

1) Directory based WPMU with ARPW plugin network activated.

2) TimThumb (in ARPW plugin folder):

– (‘ALLOW_EXTERNAL’, TRUE);
– (‘ALLOW_ALL_EXTERNAL_SITES’, false);
– $ALLOWED_SITES = array *set domains for allowing use – ARPW*

3) The problem:

– Thumbs were not working on all network sites despite correctly configured TimThumb parameters. Most sites worked OK, several were not.

4) The solution:

– Network sites experiencing the problem were some of the first sites setup when our WPMU launched.

– Our site settings within the Network Admin were not set correctly to work with TimThumb.

– Network Admin > Sites > Site ID > Info > Domain & Settings > SiteURL has to be set to the directory URL and not the mapped domain name i.e. https://wpmuparentdomain.com/sitename NOT https://sitedomain.com

I’m not sure if the same problem would arise with subdomain WPMU.

Once I corrected the Domain and SiteURL it all worked out. Pretty simple and I had a face palm moment lol…

By default www.ads-software.com does not delete threads or comments, however you may take a look at the links below and decide where to go from there.

Reporting Threads

Deleting / Editing Posts

Contacting the Moderators

Murarig, these threads are public and indexed by search engines ie Google. Given that you have had this information up for ~3 weeks, I strongly suggest correcting the issue by changing your WordPress setup to ensure there are no vulnerabilities.

Use a plugin ie https://www.ads-software.com/plugins/better-wp-security/ to improve security. This plugin has a few great features that would help ie changing the DB prefix.

Again, as your info has been up for a while, please consider taking the time to setup new database, user, password, generate new keys and migrate your production site ASAP.

I hope I’m not out of line and this isn’t going to be helpful to the problem (which looks like you’ve resolved), murarig, but you’re showing all the goods in your post…

ediscoverysquad.com

[Moderator note: Please don’t repost the credentials]

As well as all your keys…

Hopefully someone PM you or you caught it and changed everything. If not, I highly suggest doing so…

I stumbled onto this while researching my own problems ??

Awesome! Thank you, Pippin. I think this functionality will be useful for anyone who runs a network and provides access to admin. SFB is a simple way to add a nice option for making a website look and feel unique.

Thanks again.

I’m going to go ahead and close this topic.

Fair enough. I will keep an eye and gather more information and revisit this in the coming months I suppose.

Enjoy the holidays and happy new year!

Ipstenu, I’ve considered using a search / replace for the DB but my concern is that with ~100 domains and adding new all the time, how to maintain consistency without having to repeat. Also, some of the paths are in files code which occurs when sites are pre launch without domain.

You my be correct that there is no real solution and I’m just being nit-picky and may need to live with it, but I like to believe anything is possible ??

To your knowledge, is there any slick htaccess mods that might address the files code references essentially re-writing the absolute paths even if simply masking?

Thanks again for all your feedback.

Here are examples of referral domain and referral paths of which has no reference to the root domain.

The root domain is an addon domain within WHM / cPanel environtment.

Root domain: https://iemajen.com

Referrals:

1) https://asphaltanimals.com/kentuckys-asphalt-animals/

2) https://frankclose.com/portfolio (not even on the cPanel account or WPMU)

These are within the last week.

Here’s an update…

I figured out I can change the values in domain1.co/ wp-config.php to use domain2.com/wp-config.php which is a huge step toward what I want.

domain1.com/wp-config.php

define( 'BLOCK_LOAD', true );
echo ( file_get_contents( 'https://domain2.com/wp-config.php' ));
echo ( file_get_contents( 'https://domain2.com/wp-includes/wp-db.php' ));
$wpdb = new wpdb( DB_USER, DB_PASSWORD, DB_NAME, DB_HOST);

This effectively loads the configuration from domain2.com for domain1.com.

The next step is defining the site ID as mapping domain1.com within domain2.com network doesn’t work. I’m not sure how to go about making this work but I understand the basic principle of what needs to happen.

domain1.com queries the database and returns wp_ID for which I intend to use.

I can start writing up a plugin if I can get direction for how and what to hook into.

Looking forward to feedback!

I have noticed a few referral paths that makes reference to network referral paths, however these are not the referrals in question. The referral paths I’m seeing are actual URL from public facing websites.

I appreciate your feedback, Ipstenu.

The data for rootdomain.com within GA includes domain2.com as referral traffic but domain2.com has absolutely nothing in terms of backlinks to rootdomain.com.

I’ve looked through several records over the past year or so since implementing the network for all my clients and what I’ve seen are domain2.com referral paths that when reviewed may have references to stylesheets at rootdomain.com but I’ve also seen this for websites that have absolutely no reference to rootdomain.com on the site or referral path.

That is what I am curious to determine.

If there is a method to mask or otherwise remove the references to rootdomain.com altogether it would be ideal. I was thinking something either in wp-config.php or even .htaccess.

That alone is what I am wondering and I’m hopeful someone in the community will chime in with ideas or feedback to work towards a solution.

I realize that “with a little work” someone may be able to determine I am running a MU network and uncover the domain, but that is not a concern and it’s not so much about privacy as much as it is curiosity and from the perspective of SEO how it may impact index of MU network, after all GU clearly see’s the referral traffic :/

If it weren’t for MU I wouldn’t be in this business lol

Well, yes they are all under a single user account but each domain has it’s own property and thus unique ID.

I noticed the server logs had most of the data I am referring to, however I have also noticed that there are a few referrals from GA that come from one or more of my network sites which do not have a backlink to root anywhere on the website. This leads me to believe that somehow it is possible to see the root domain from sub site domains.

My primary reason for inquiry is due to recent brute force attacks on my network. I’ve just finished installing Better WP Security to compliment other plugins ie BackupBuddy and this will resolve the issue of attempted (unsuccessful) exploits. I think a lot of the hits I refer to are bots seeing this somehow.

Perhaps BWPS will address this as it reads to imply with my configuration so I guess I will see.

In general, I would prefer all my sub site domains to have no reference whatsoever to my root domain, including media etc, if possible without creating a lot of work.

I am unclear on what you mean by “the su_ and compatibility mode was enabled by default”, happyches.

I updated today and noticed shortcodes were not working. I simply removed the su_ prefix and they are all working as expected. For clarification, how will this affect my sites on the network in the future?

“This new updated version is going to help all of us with the really old shortcodes as well as any new ones”.

Will the removal of the prefix keep any new shortcodes from having it by default, including new sites added after this update?

It makes complete sense adding the prefix option and I wonder if I should change any existing shortcodes in the database. If this is a good idea, can you suggest the best way to go about this?

Thank you for all the input!

SFGolfer I’m not sure if this will be helpful, but I also admin a network of “non technical” users. Being that they are already non-technical I simply went the direction of hiding elements using CSS. I wrote up a plugin and that is one of it’s functions; load custom CSS based on user role. This gives me total control of what they see and can access.

function load_custom_wp_admin_style()
		{
			echo '<link href="https://urltoyourstylesheet-1" rel="stylesheet" type="text/css">';

				if (is_super_admin(1 == $current_user->ID))
				{
					echo '<link href="https://urltoyourstylesheet-2" rel="stylesheet" type="text/css">';
					}

				else
				{
					echo '<link href="https://urltoyourstylesheet-3" rel="stylesheet" type="text/css">';

				}
		}

I basically load a default stylesheet for everyone, then a special stylesheet for me, or none if you like, and lastly a stylesheet for everyone else.

I did just this for Shortcodes Ultimate.

a.su-generator-button {
  display:none !important;
}